Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability

Bugtraq ID:	69546
Class:	Unknown
CVE:	CVE-2014-3095
Remote:	Yes
Local:	No
Published:	Aug 29 2014 12:00AM
Updated:	Oct 03 2018 05:00AM
Credit:	IBM
Vulnerable:	IBM Smart Analytics System 7710 0 IBM Smart Analytics System 7700 0 IBM Smart Analytics System 7600 0 IBM Smart Analytics System 5710 0 IBM Smart Analytics System 5600 0 IBM Smart Analytics System 2050 0 IBM Smart Analytics System 1050 0 IBM PureData System for Operational Analytics A1791 0 IBM InfoSphere Balanced Warehouse D5100 IBM InfoSphere Balanced Warehouse C4000 IBM InfoSphere Balanced Warehouse C3000 IBM DB2 Workgroup Server Edition 9.7 IBM DB2 Workgroup Server Edition 9.5 IBM DB2 Workgroup Server Edition 10.5 IBM DB2 Workgroup Server Edition 10.1 IBM DB2 pureScale Feature for Enterprise Server Edition 9.8 IBM DB2 Express Edition 9.7 IBM DB2 Express Edition 9.5 IBM DB2 Express Edition 10.5 IBM DB2 Express Edition 10.1 IBM DB2 Enterprise Server Edition 9.7 IBM DB2 Enterprise Server Edition 9.5 IBM DB2 Enterprise Server Edition 10.5 IBM DB2 Enterprise Server Edition 10.1 IBM DB2 Connect Unlimited Edition for System z 9.7 IBM DB2 Connect Unlimited Edition for System z 9.5 IBM DB2 Connect Unlimited Edition for System z 10.5 IBM DB2 Connect Unlimited Edition for System z 10.1 IBM DB2 Connect Unlimited Edition for System i 9.7 IBM DB2 Connect Unlimited Edition for System i 9.5 IBM DB2 Connect Unlimited Edition for System i 10.5 IBM DB2 Connect Unlimited Edition for System i 10.1 IBM DB2 Connect Enterprise Edition 9.7 IBM DB2 Connect Enterprise Edition 9.5 IBM DB2 Connect Enterprise Edition 10.5 IBM DB2 Connect Enterprise Edition 10.1 IBM DB2 Connect Application Server Edition 9.7 IBM DB2 Connect Application Server Edition 9.5 IBM DB2 Connect Application Server Edition 10.5 IBM DB2 Connect Application Server Edition 10.1 IBM DB2 Advanced Workgroup Server Edition 9.7 IBM DB2 Advanced Workgroup Server Edition 9.5 IBM DB2 Advanced Workgroup Server Edition 10.5 IBM DB2 Advanced Workgroup Server Edition 10.1 IBM DB2 Advanced Enterprise Server Edition 9.7 IBM DB2 Advanced Enterprise Server Edition 9.5 IBM DB2 Advanced Enterprise Server Edition 10.5 IBM DB2 Advanced Enterprise Server Edition 10.1
Not Vulnerable:

Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability

Multiple IBM DB2 products are prone to a remote denial-of-service vulnerability.

An attacker can exploit this issue to cause the application to crash, resulting in denial-of-service conditions.

The following products are affected:

IBM DB2 Express Edition
IBM DB2 Workgroup Server Edition
IBM DB2 Enterprise Server Edition
IBM DB2 Advanced Enterprise Server Edition
IBM DB2 Advanced Workgroup Server Edition
IBM DB2 Connect Application Server Edition
IBM DB2 Connect Enterprise Edition
IBM DB2 Connect Unlimited Edition for System i
IBM DB2 Connect Unlimited Edition for System z

Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Multiple IBM DB2 Products CVE-2014-3095 Remote Denial of Service Vulnerability

References:

• IBM DB2 Homepage (IBM)
  
• IBM Homepage (IBM)
  
• Security Bulletin: IBM® DB2® LUW contains a denial of service vulnerability usin (IBM)
  
• Security Bulletin: IBM® InfoSphere Balanced Warehouse, IBM Smart Analytics Syste (IBM)